Field
The present application relates to document management. More specifically, the present application is directed to a system and method of managing multiple levels of privacy in documents.
Brief Discussion of Related Art
It is common for documents to contain data (information) that, for legal or ethical reasons, can only be disclosed to some parties and not to others. These constraints have commonly been enforced at the file system level by designating documents (files) with security settings (e.g., “Top Secret”) or requiring users to belong to specific security groups before being allowed to open the files. Efforts at applying privacy settings to contents of the documents have used a binary (e.g., private/not private) approach that fails to take into account legal and operational requirements, such as those created by the Health Insurance Portability and Accountability Act (HIPAA), for privacy disclosures to be tailored to different audiences.
Protecting private data is of both increasing importance and increasing complexity. In addition to traditional classifications of confidential data, trade secrets and financial information, websites now have privacy policies that are the legal equivalent of contracts, while laws such as HIPAA and the Gramm-Leach-Bliley Financial Services Modernization Act (GLBA) mandate that certain types of information be protected from inadvertent disclosure. Meanwhile, technology designed to make sharing and printing of documents easier increases the opportunities for inappropriate leakage of such information.
As an example, HIPAA designates certain health information that must be protected from disclosure, such as names, birth dates (except the year), social security numbers and medical record numbers. Also included is less obvious information such as fingerprints, full-face photographs, web page addresses and even vehicle identification numbers. As another example, GLBA covers many of the same items (though not health information generally) and additionally covers any form of financial information that can be transferred electronically. Other laws regulating information disclosures include the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA) and, outside the United States, the European Union Data Protection Directive and the Canadian Privacy Act. Penalties for covered companies that fail to protect information as required by these laws can be extremely damaging. Even when companies are not covered by any privacy law, data leakage can result in lawsuits, loss of trade secrets and reduced credibility.
Current systems of privacy protection use binary protection schemes. In these schemes, a document is either private or it is not, so protection of the information in it is also binary: either the document is correctly marked private and everything in it is protected, or it is not marked private and nothing in it is protected. Binary protection of a document often means that much information needing little or no protection is hidden, simply because it is on the same page(s) as some information that is designated private. Or worse, information that needs protection is left exposed because it is on the same page(s) as less sensitive information that people need to use. This shows how binary protection ignores the clear difference in the privacy needs of different types of information. In most contexts, people's names do not need to be concealed. Social security numbers, however, can facilitate identity theft and should be carefully guarded.
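The two failure modes of whole-document (binary) protection described above, beside a per-span scheme with ordered privacy levels, as an added illustration that is not the application's own system or code. The sample record, the three-level scale (PUBLIC, INTERNAL, RESTRICTED) and the reader levels are assumptions constructed for the example.

```python
"""Added example: binary (whole-page) protection versus per-span privacy levels.

Not code from the application; the page content, level scale and readers
below are constructed for illustration.
"""
from dataclasses import dataclass

# Assumed ordered privacy scale, lowest to highest sensitivity.
PUBLIC, INTERNAL, RESTRICTED = 0, 1, 2


@dataclass(frozen=True)
class Span:
    """A run of text carrying its own privacy level."""
    text: str
    level: int


# Constructed sample page: a name (needs little protection) and a social
# security number (needs strong protection) sit on the same page.
PAGE = [
    Span("Patient: ", PUBLIC),
    Span("Jane Doe", INTERNAL),
    Span("; SSN: ", PUBLIC),
    Span("123-45-6789", RESTRICTED),
    Span("; visit reason: follow-up", INTERNAL),
]


def render_binary(page, page_is_private, reader_is_cleared):
    """Whole-page scheme: the reader sees either all of the page or none of it."""
    if page_is_private and not reader_is_cleared:
        return "[REDACTED PAGE]"
    return "".join(s.text for s in page)


def render_leveled(page, reader_level):
    """Per-span scheme: each span is shown only to readers at or above its level."""
    return "".join(
        s.text if s.level <= reader_level else "[REDACTED]" for s in page
    )


def leaked_spans(rendered, page, reader_level):
    """Spans above the reader's level that nevertheless appear in the rendering
    (the 'left exposed' failure mode). Simple substring check, adequate here."""
    return [s.text for s in page if s.level > reader_level and s.text in rendered]


def hidden_spans(rendered, page, reader_level):
    """Spans the reader was entitled to see that are missing from the rendering
    (the 'hidden unnecessarily' failure mode)."""
    return [s.text for s in page if s.level <= reader_level and s.text not in rendered]


if __name__ == "__main__":
    # An INTERNAL reader (e.g. front-desk staff) should see the name but not the SSN.
    for label, out in [
        ("binary, page not private", render_binary(PAGE, False, False)),
        ("binary, page private   ", render_binary(PAGE, True, False)),
        ("leveled, INTERNAL      ", render_leveled(PAGE, INTERNAL)),
    ]:
        print(f"{label}: {out!r}")
        print("   leaked:", leaked_spans(out, PAGE, INTERNAL))
        print("   hidden:", hidden_spans(out, PAGE, INTERNAL))
```

Run stand-alone, the script shows that the binary scheme either leaks the SSN (page not marked private) or hides the name and visit reason along with it (page marked private), while the per-span rendering for an INTERNAL reader leaks nothing and hides nothing the reader was entitled to see.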